Lucene search
K

6451 matches found

Cvelist
Cvelist
added last week30 views

CVE-2026-54004 Kirby: Access to files of top-level drafts is not protected by permissions

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites with content.fileRedirects enabled could redirect unauthenticated clean file URL requests for files stored in top-level draft pages to physical media URLs without checking page access permissions or preview...

6.3CVSS0.00312EPSS
Exploits0References5
OSV
OSV
added last week3 views

CVE-2026-54004 Kirby: Access to files of top-level drafts is not protected by permissions

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites with content.fileRedirects enabled could redirect unauthenticated clean file URL requests for files stored in top-level draft pages to physical media URLs without checking page access permissions or preview...

6.3CVSS6.1AI score0.00312EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/07 12:30 a.m.5 views

EUVD-2026-41977

mrubyc through 3.4.1 was found to contain a NULL pointer dereference in src/vm.c in opsuper / OPSUPER due to a missing runtime guard for top-level super...

7.5CVSS5.9AI score0.00339EPSS
Exploits0References4
NVD
NVD
added 2026/07/06 10:16 p.m.8 views

CVE-2026-38976

mrubyc through 3.4.1 was found to contain a NULL pointer dereference in src/vm.c in opsuper / OPSUPER due to a missing runtime guard for top-level super...

7.5CVSS0.00339EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/06 12:0 a.m.28 views

CVE-2026-38976

mrubyc through 3.4.1 was found to contain a NULL pointer dereference in src/vm.c in opsuper / OPSUPER due to a missing runtime guard for top-level super...

0.00339EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 12:0 a.m.4 views

CVE-2026-38976

mrubyc through 3.4.1 was found to contain a NULL pointer dereference in src/vm.c in opsuper / OPSUPER due to a missing runtime guard for top-level super...

7.5CVSS5.9AI score0.00339EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-56022

Name of the Vulnerable Software and Affected Versions mrubyc versions prior to 3.4.2 Description A NULL pointer dereference occurs in the src/vm.c file within the op super function OP SUPER. This issue is caused by a missing runtime guard for top-level super. Recommendations Update to version 3.4...

7.5CVSS5.9AI score0.00339EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/07/05 1:30 a.m.8 views

CVE-2026-14570

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

7.5CVSS5.9AI score0.00508EPSS
Exploits0
NVD
NVD
added 2026/07/01 9:17 p.m.7 views

CVE-2026-54074

Tina is a headless content management system. @tinacms/cli versions prior to 2.4.3 contain a Remote Code Execution vulnerability in the Forestry-to-Tina migration command. The internal helper addVariablesToCode unquotes any value matching the marker "TINAINTERNAL:::.?:::" inside the stringified...

7.8CVSS0.0017EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/26 7:23 a.m.6 views

CVE-2026-53166

A flaw was found in the Linux kernel's futex Fast Userspace Mutex requeue mechanism. When a non-top waiter attempts to requeue a Priority Inheritance PI futex it already owns, a NULL pointer dereference can occur. This issue, specifically within the removewaiter function during a self-deadlock...

5.5CVSS5.9AI score0.00126EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 8:17 p.m.6 views

CVE-2026-10512

The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...

7.5CVSS0.00263EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 8:17 p.m.5 views

UBUNTU-CVE-2026-10512

The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 7:58 p.m.22 views

CVE-2026-10512 X25519 x86_64 assembly final reduction leaves non-canonical field element

The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...

2.3CVSS0.00263EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 9:16 a.m.7 views

CVE-2026-53166

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

0.00126EPSS
Exploits0
OSV
OSV
added 2026/06/25 9:16 a.m.4 views

UBUNTU-CVE-2026-53166

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

6.8CVSS6AI score0.00126EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/25 8:38 a.m.7 views

EUVD-2026-39257

In the Linux kernel, the following vulnerability has been resolved: futex/requeue: Prevent NULL pointer dereference in removewaiter on self-deadlock When FUTEXCMPREQUEUEPI requeues a non-top waiter that already owns the target PI futex, taskblocksonrtmutex returns -EDEADLK before setting...

5.8AI score0.00126EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 8:38 a.m.116 views

CVE-2026-53166

The CVE-2026-53166 issue concerns the Linux kernel futex (Fast Userspace Mutex) requeue path, where a non-top waiter that already owns a PI futex could trigger a NULL pointer dereference in remove_waiter() during self-deadlock, causing a kernel crash/DoS. Public sources describe the vulnerability...

5.8AI score0.00126EPSS
Exploits0
OSV
OSV
added 2026/06/25 8:38 a.m.4 views

CVE-2026-53166 futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock

In the Linux kernel, the following vulnerability has been resolved: futex/requeue: Prevent NULL pointer dereference in removewaiter on self-deadlock When FUTEXCMPREQUEUEPI requeues a non-top waiter that already owns the target PI futex, taskblocksonrtmutex returns -EDEADLK before setting...

5.8AI score0.00126EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/25 8:38 a.m.93 views

CVE-2026-53166

...

0.00126EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.18 views

PT-2026-52561

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The X25519 x86 64 assembly implementation fails to clear the most significant bit during the final modular reduction. This occurs because the final...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References6
Rows per page
Query Builder